CVE-2026-7167 | The vulnerability arises when the system fails to properly v… | CVSS 6.9 MEDIUM

Description

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system.

Metadata

CVE ID: CVE-2026-7167
State: PUBLISHED
Assigner: INCIBE
Reserved: 2026-04-27 07:25 UTC
Published: 2026-06-22 12:50 UTC
Last updated: 2026-06-22 15:46 UTC
Primary CWE: CWE-200
CWE-200 Exposure of Sensitive Information to an Unauthorized…
Vendor / Product: Gaudire / Assassin game
Sources: cve.org · NVD

Severity & Metrics

6.9 MEDIUM CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Gaudire	Assassin game	—	last version

Weakness (CWE)

CWE	Source	Description
CWE-200	cna	CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

References (1)

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire